tetragon: docs, copy Cilium style k8s install #1561
✅ Deploy Preview for tetragon ready!
901ba2b to d019715
I like the new organization and pages!
I have many remarks but it's mostly details for formatting or naming, we can see that later.
So for you to know, names of the files are important because they create the link. For example, here you have `/docs/getting-started/install-tetragon/install-k8s`, which I think is very misleading; in your case it should be `/docs/getting-started/quick-install/kubernetes` or something like that.
We can modify the link independently of the file name, but by default, it's using the filename.
{{< tabpane >}} | ||
{{< tab header="K8s" >}} | ||
kubectl apply -f tbd.base-enforce.yaml | ||
{{< /tab >}} | ||
{{< tab header="Docker" >}} | ||
{{< /tab >}} | ||
{{< tab header="Systemd" >}} | ||
{{< /tab >}} | ||
{{< /tabpane >}} |
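Review bot: The Docker and Systemd tabs in this tabpane are empty, and the only command, in the K8s tab, applies `tbd.base-enforce.yaml`, which reads as a placeholder file name. Either fill the two tabs with the equivalent steps or drop them until the content exists, and replace the `tbd.` name with the real policy file before merging so readers do not copy a command that cannot work.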
I've made a PR to fix those #1570 and to show you how to make more complicated tab panes. You can check the doc if needed https://www.docsy.dev/docs/adding-content/shortcodes/#tabbed-panes.
Do you think we should completely get rid of that :(? Maybe we can recycle this as a tutorial?
Yeah I was also tempted to just remove this level of hierarchy and put it in a tutorial.
I guess it's just a draft because for now it's behind `installation/Systemd`. If we don't create an "installation" section we can put this under tutorial.
I don't really get what we would put in this JSON vs gRPC thing?
Configuring grpc and configmap options through helm or directly should be advanced configuration. Out of the box, helm should just work. Signed-off-by: John Fastabend <[email protected]>
I don't think anyone will reasonably assume that the "Try Tetragon.." section is a production users guide on how to deploy and manage a fleet of servers running Tetragon. Signed-off-by: John Fastabend <[email protected]>
f86dcd7 to d12ba5b
Developers are not normal users; let's build them their own docs sections so as to not confuse development, from deployment, from exploration. Signed-off-by: John Fastabend <[email protected]>
To get started I don't think understanding all the details of JSON events vs GRPC and so on is important. Move it into a "concepts" section. Signed-off-by: John Fastabend <[email protected]>
Metrics are a great way to pull useful information out of Tetragon; let's create a section for them in Concepts. Signed-off-by: John Fastabend <[email protected]>
Filtering by namespace and pod labels is part of tracing policy; move it under that umbrella item. Signed-off-by: John Fastabend <[email protected]>
There are lots of details we have for Installing Tetragon in various environments, bare-metal, docker, systems, etc. Let's create a section to capture those instead of spreading that knowledge throughout and/or in getting started which needs to be really about shortest path to up and running tetragon. Signed-off-by: John Fastabend <[email protected]>
References should be after content IMO. Signed-off-by: John Fastabend <[email protected]>
Tetra CLI is useful for sure; let's move it into installation. The getting started section can give the one line command to install it. Signed-off-by: John Fastabend <[email protected]>
Enforcement is a big enough concept we can build its own section. Signed-off-by: John Fastabend <[email protected]>
Let's document how we do benchmarks, bring on the fun. Signed-off-by: John Fastabend <[email protected]>
Simplify the getting started guide Signed-off-by: John Fastabend <[email protected]>
Signed-off-by: John Fastabend <[email protected]>
Signed-off-by: John Fastabend <[email protected]>
This is nicer if a service is added later presumably it will also pull from this cidr. Signed-off-by: John Fastabend <[email protected]>
Large JSON event block is best to put in hidden block. Signed-off-by: John Fastabend <[email protected]>
Per Mahe's comment it's best to align headers and files. Signed-off-by: John Fastabend <[email protected]>
Tetragonon should be tetragon Signed-off-by: John Fastabend <[email protected]>
Create an installation section and move systemd install there. This further simplifies 'getting started' section. Signed-off-by: John Fastabend <[email protected]>
d12ba5b to 9720b29
Here are some fixes #1603. Merge if you think they are okay for your PR.
Then we can apply the egress cluster enforcement policy | ||
|
||
```shell-session | ||
wget http://github.com/cilium/tetragon/quickstart/network_egress_cluster_enforce.yaml |
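Review bot: The `wget` line fetches the enforcement policy over plain `http://` from a `github.com` path that has no branch segment. Switch to `https://` and a URL that serves the raw YAML file: this manifest is downloaded and then applied to the cluster, so it should not travel over an unauthenticated channel, and a repository page URL would save HTML rather than the policy.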
Those kinds of links will not work, you have many of them in the PR. You need the `/blob/main` part in the URL. That's how GitHub is doing things.
The enforces TCP connects see [Enforce Sandbox]({{< ref "#enforce-common-security-policy" >}}) below to further restrict possible | ||
workaround such as writing through /dev devices and raw sockets application may | ||
attempt. |
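Review bot: The opening sentence, "The enforces TCP connects see [Enforce Sandbox]...", is missing its subject and runs straight into the cross-reference, so the scope limit it states (only TCP connects are enforced) is easy to miss. Split it, for example "This policy enforces TCP connects only. See Enforce Sandbox below to further restrict possible workarounds, such as writing through /dev devices and raw sockets, that an application may attempt.", and confirm that the `#enforce-common-security-policy` anchor exists on the page.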
This is missing in the page and maybe should be removed?
Signed-off-by: Mahe Tardy <[email protected]>
Signed-off-by: Mahe Tardy <[email protected]>
Signed-off-by: Mahe Tardy <[email protected]>
Signed-off-by: Mahe Tardy <[email protected]>
Signed-off-by: Mahe Tardy <[email protected]>
Signed-off-by: Michi Mutsuzaki <[email protected]>
The K8s quickstart guide lists a couple options for installing a K8s cluster -- kind and gke. Let's copy the tabular version Cilium docs have that also has other examples for a few different options.